Products
Deep Freeze
- 9.00.020.5760
Source
help@fluidattacks.com
Tags
CVE-2024-8159 details
Published : Oct. 3, 2024, 6:15 a.m.
Last Modified : Oct. 3, 2024, 6:15 a.m.
Last Modified : Oct. 3, 2024, 6:15 a.m.
Description
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.4 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
Base Score
6.4
Exploitability Score
1.1
Impact Score
4.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
References
URL | Source |
---|---|
https://fluidattacks.com/advisories/kanka/ | help@fluidattacks.com |
https://www.faronics.com/products/deep-freeze | help@fluidattacks.com |
This website uses the NVD API, but is not approved or certified by it.